Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/IobReUF3cdPA5iIgdavq7U8KWV8.roa
File:                     IobReUF3cdPA5iIgdavq7U8KWV8.roa (raw, json)
Hash identifier:          I4zXcDSqg8gW3+DckMLkADhjhJqexTMtDe43bbN28uM=
Subject key identifier:   22:86:D1:79:41:77:71:D3:C0:E6:22:20:75:AB:EA:ED:4F:0A:59:5F
Certificate issuer:       /CN=178e2fe21da20235e99ec43c19381c7c6d63a3ad
Certificate serial:       018CC348E803A5F07CD80E35992C8A50BE47
Authority key identifier: 17:8E:2F:E2:1D:A2:02:35:E9:9E:C4:3C:19:38:1C:7C:6D:63:A3:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F44v4h2iAjXpnsQ8GTgcfG1jo60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/IobReUF3cdPA5iIgdavq7U8KWV8.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8849
IP address blocks:        5.42.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/F44v4h2iAjXpnsQ8GTgcfG1jo60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/F44v4h2iAjXpnsQ8GTgcfG1jo60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F44v4h2iAjXpnsQ8GTgcfG1jo60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e8:03:a5:f0:7c:d8:0e:35:99:2c:8a:50:be:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=178e2fe21da20235e99ec43c19381c7c6d63a3ad
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2286d179417771d3c0e6222075abeaed4f0a595f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:51:4b:23:ff:58:06:a2:8f:a1:b7:0b:47:87:
                    40:3e:f9:7d:1f:8f:d1:e2:ce:f8:fc:ea:c8:60:30:
                    4e:1f:12:b6:5c:ae:46:90:86:c1:77:e2:f1:f6:8c:
                    49:cf:65:e2:99:ea:bc:97:6a:ca:aa:67:a8:4d:ff:
                    84:16:f6:82:e2:f4:ca:db:21:9c:45:89:13:d2:ce:
                    16:da:d4:a8:35:89:25:1e:6d:65:df:28:52:6e:06:
                    7e:bb:92:68:ec:c4:28:df:47:da:c6:4d:aa:73:33:
                    9a:17:f8:31:40:2b:de:b7:2d:6c:14:ce:91:f3:2f:
                    40:f6:0f:ac:5a:dd:c2:4f:fd:8c:48:03:72:e2:1e:
                    e7:58:4e:4d:ff:c9:70:af:1d:47:de:02:53:42:e2:
                    dd:92:88:70:20:32:15:5d:e1:d1:66:b8:98:92:ee:
                    99:a7:b3:14:87:9d:51:25:e3:12:e2:54:7e:c0:9a:
                    8e:2e:b9:ab:50:ce:8c:cf:b4:dc:ef:a6:5b:99:e9:
                    76:ff:06:d0:c8:51:94:b8:42:f3:fe:19:67:b9:41:
                    63:11:02:0f:a7:25:dd:0c:36:d2:0d:b2:50:c8:67:
                    2c:8d:34:c7:98:75:c2:f9:38:e3:d0:9d:2e:86:2d:
                    2f:a8:d2:bc:24:a4:5f:72:55:67:f6:d6:30:8a:fc:
                    11:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:86:D1:79:41:77:71:D3:C0:E6:22:20:75:AB:EA:ED:4F:0A:59:5F
            X509v3 Authority Key Identifier:
                keyid:17:8E:2F:E2:1D:A2:02:35:E9:9E:C4:3C:19:38:1C:7C:6D:63:A3:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F44v4h2iAjXpnsQ8GTgcfG1jo60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/IobReUF3cdPA5iIgdavq7U8KWV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f42340-2fcd-4573-a80b-910155525b2c/1/F44v4h2iAjXpnsQ8GTgcfG1jo60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:f3:a8:1a:80:6a:e8:70:bb:05:ec:84:33:63:54:d4:9b:f2:
         a8:1b:02:6c:6f:b6:b8:c2:5b:5b:28:cc:25:8e:29:94:34:aa:
         2a:c7:c4:19:15:c3:45:00:99:3f:44:37:b6:57:6d:7c:8d:89:
         40:90:10:2c:4f:62:80:7f:0f:80:ed:d7:26:e5:40:3c:bc:1f:
         07:d0:86:93:1b:12:bf:54:98:a0:b0:07:6f:6f:bc:5d:e5:9c:
         e3:4f:66:33:a0:5d:8b:35:4a:e7:b9:62:66:24:bb:2c:81:eb:
         3d:f7:de:28:87:23:2d:ad:b8:de:a4:cb:21:1b:df:89:a1:2f:
         eb:6c:92:53:41:74:e9:d6:80:f5:5c:64:0b:e7:9f:8e:ad:ef:
         c0:51:b9:fc:8b:9f:67:84:64:a3:35:b1:41:e1:99:a2:e3:23:
         ef:31:26:1a:96:5f:f5:1c:88:96:95:43:6b:2c:1e:8e:ca:83:
         76:6d:f1:48:62:a7:c4:13:cd:9f:4a:13:e4:b9:4c:ab:db:87:
         58:f7:82:4a:51:b0:0e:4a:49:4a:f7:f2:68:6c:8e:31:9c:ee:
         4a:48:16:87:18:29:33:2c:a4:68:a4:f7:ed:8c:22:e3:42:8b:
         90:24:c2:61:17:75:ab:3d:e9:30:d5:a1:08:3d:37:1b:38:a4:
         9e:8a:c9:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOgDpfB82A41mSyKUL5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OGUyZmUyMWRhMjAyMzVlOTllYzQzYzE5MzgxYzdjNmQ2
M2EzYWQwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjg2ZDE3OTQxNzc3MWQzYzBlNjIyMjA3NWFiZWFlZDRmMGE1OTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lFLI/9YBqKPobcLR4dAPvl9H4/R
4s74/OrIYDBOHxK2XK5GkIbBd+Lx9oxJz2Ximeq8l2rKqmeoTf+EFvaC4vTK2yGc
RYkT0s4W2tSoNYklHm1l3yhSbgZ+u5Jo7MQo30faxk2qczOaF/gxQCvety1sFM6R
8y9A9g+sWt3CT/2MSANy4h7nWE5N/8lwrx1H3gJTQuLdkohwIDIVXeHRZriYku6Z
p7MUh51RJeMS4lR+wJqOLrmrUM6Mz7Tc76Zbmel2/wbQyFGUuELz/hlnuUFjEQIP
pyXdDDbSDbJQyGcsjTTHmHXC+Tjj0J0uhi0vqNK8JKRfclVn9tYwivwR/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKG0XlBd3HTwOYiIHWr6u1PCllfMB8GA1UdIwQY
MBaAFBeOL+IdogI16Z7EPBk4HHxtY6OtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjQ0djRoMmlBalhwbnNROEdUZ2NmRzFqbzYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mNDIzNDAtMmZjZC00NTczLWE4MGIt
OTEwMTU1NTI1YjJjLzEvSW9iUmVVRjNjZFBBNWlJZ2RhdnE3VThLV1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mNDIzNDAtMmZjZC00NTczLWE4MGItOTEwMTU1NTI1YjJj
LzEvRjQ0djRoMmlBalhwbnNROEdUZ2NmRzFqbzYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrOMA0G
CSqGSIb3DQEBCwUAA4IBAQB486gagGrocLsF7IQzY1TUm/KoGwJsb7a4wltbKMwl
jimUNKoqx8QZFcNFAJk/RDe2V218jYlAkBAsT2KAfw+A7dcm5UA8vB8H0IaTGxK/
VJigsAdvb7xd5ZzjT2YzoF2LNUrnuWJmJLssges9994ohyMtrbjepMshG9+JoS/r
bJJTQXTp1oD1XGQL55+Ore/AUbn8i59nhGSjNbFB4Zmi4yPvMSYall/1HIiWlUNr
LB6OyoN2bfFIYqfEE82fShPkuUyr24dY94JKUbAOSklK9/JobI4xnO5KSBaHGCkz
LKRopPftjCLjQouQJMJhF3WrPekw1aEIPTcbOKSeisn1
-----END CERTIFICATE-----